<?php
/* $Id: settings.php 14 2009-04-11 17:40:34Z ronan $ */
$basesite=$_SERVER['PHP_SELF'];
require("common.php");
require("auth.php");
require("header.php");
$errmsg='';
if(isset($_POST['oldpass'])) {
	if($pwd==$_POST['oldpass']) { //authenticated to change stuff
		if(!(''==$_POST['newpass'])) {
			if(!(''==$_POST['cnewpass'])) {
				if($_POST['newpass']==$_POST['cnewpass']) {
					if(is_alphanumeric($_POST['newpass'])) $newpass=$_POST['newpass'];
					else $errmsg.="Invalid password - passwords must be purely alphanumeric";
				} else $errmsg.="Password and confirmed password do not match!<br />";
			} else $errmsg.="You entered a new password, but did not confirm it!<br />";
		}
		if(!(''==$_POST['newemail'])) {
			if(preg_match($emailRegex, $_POST['newemail'])) {
				$newemail=$_POST['newemail'];
			} else $errmsg.="You entered an invalid email address.<br />";
		}
	} else {
		$errmsg.="Incorrect old password!<br />";
	}
	if((isset($newpass) || isset($newemail))&&$errmsg=='') {
		$q="UPDATE users SET ";
		if(isset($newpass)) {
			$q.="password=PASSWORD('$newpass')";
			$_SESSION['pwd'] = $newpass;
			$pwd = $newpass;
		}
		if(isset($newpass)&&isset($newemail))$q.=', ';
		if(isset($newemail)) {
			$q.="email='$newemail'";
			$useremail = $newemail;
		}
		$q.=" WHERE id='$uidnum' LIMIT 1";
		$result = Query($q);
		echo "Setting updated!";
		require("footer.php");
		exit;
	}
}
if(!(''==$errmsg)) $errmsg="<font color=\"red\">".$errmsg."</font><br />"; else $errmsg='';
?>
You must enter your current password to change any settings, but if you only want to update one or the other, just leave the other blank.<br /><br />
<?php echo $errmsg; ?>
<form method="POST" action="settings.php">
<table><tr><td>Username: </td><td><?php echo $uid; ?></td></tr>
<tr><td>Old Password: </td><td><input type="password" name="oldpass" size="20" /></td></tr>
<tr><td>New Password: </td><td><input type="password" name="newpass" size="20" /></td></tr>
<tr><td>Confirm New Password: </td><td><input type="password" name="cnewpass" size="20" /></td></tr>
<tr><td>New Email: </td><td><input type="text" name="newemail" size="20" value=<?php echo $useremail; ?> /></td></tr>
</table>
<input type="submit" value="Save changes" /></form><?php

require("footer.php");
?>